The Hacker News — Cyber Security, Hacking, Technology News

The FBI hacked into more than 8,000 computers in 120 different countries with just a single warrant during an investigation into a dark web child pornography website, according to newly published court filings.

The FBI's mass hacking campaign is related to the high-profile Playpen child pornography case and represents the largest law enforcement hacking campaign known to date.

The warrant was initially issued in February 2015, when the FBI seized the Playpen site and set up a sting operation on the dark web site, in which the agency deployed malware to obtain the IP addresses of the site's alleged visitors.

The piece of malware used by the FBI is known as a Network Investigative Technique (NIT). The malware was used for at least 13 days to break into the computers of users who visited certain threads on Playpen and then sent their IP addresses back to the bureau.

Earlier this year, court documents related to the Playpen case revealed that the FBI hacked over 1,000 alleged visitors of Playpen in the U.S. using a single warrant, along with computers in Australia, Chile, Colombia, Austria, Denmark, Greece, the UK, Turkey, and Norway during the investigation.

However, a new federal court hearing transcript from a related case reveals that the hack went much farther and wider than previously believed, and that the bureau actually hacked into more than 8,000 users' computers across 120 different countries.

"We have never, in our nation's history as far as I can tell, seen a warrant so utterly sweeping," federal public defender Colin Fieman said in a court hearing at the end of October, according to the transcript.

According to the transcript, the FBI also hacked what has been described as a "satellite provider." "So now we are into outer space as well," Fieman said.

"The fact that a single magistrate judge could authorise the FBI to hack 8,000 people in 120 countries is truly terrifying," Christopher Soghoian, a principal technologist at the American Civil Liberties Union (ACLU), told Motherboard.

The major controversy surrounding the Playpen case has been that Virginia-based US Magistrate Judge Theresa C. Buchanan, who signed the warrant, did not have the authority to authorize such searches.

The fact is that magistrate judges are a more junior type of judge who do not have jurisdiction to issue warrants outside their own districts. Only more senior federal judges, known as district judges, have the authority to issue such warrants under Rule 41.

The changes to Rule 41 will grant the FBI much greater powers to hack into any computer within the country, and perhaps anywhere in the world, with just a single search warrant authorized by any US judge (even magistrate judges).

The changes in this rule are set to take effect on December 1, 2016.

"The US government wants to use an obscure procedure—amending a federal rule known as Rule 41— to radically expand their authority to hack," the Electronic Frontier Foundation (EFF) said. "The changes to Rule 41 would make it easier for them to break into our computers, take data, and engage in remote surveillance."

"We believe technology shouldn't create a lawless zone merely because a procedural rule has not kept up with the times," writes Assistant Attorney General Leslie R. Caldwell of the Criminal Division.

If the changes take effect, privacy activists and cybersecurity experts believe that US law enforcement will most likely use the amended Rule 41 to further expand its mass hacking capabilities.

Have you considered the possibility that someone could be watching you through your webcam? Or listening to all your conversations through your laptop's microphone?

Even a bit of thought about this possibility could make you feel deeply uneasy.

But most people think that they have a solution to these major issues: simply covering their laptop's webcam and microphone with tape, just like Facebook CEO Mark Zuckerberg and FBI Director James Comey.

But it's 2016, and a piece of tape won't help you, as a new experiment has proved how easily hackers can turn your headphones into a microphone to spy on all your conversations in the background without your knowledge.

A group of Israeli security researchers at Ben Gurion University has created proof-of-concept malware that converts typical headphones into microphones and then uses them to record all the conversations in the room, just like a fully featured spying device.

Speake(a)r Malware Weaponizes Headphones and Speakers

Using headphones as microphones is a decade-old technique. There are many videos available on YouTube, which show that earbuds can function as microphones in a pinch.

But what the researchers managed to do is switch an output channel of the audio card on your laptop (running either Windows or Mac OS) to an input channel and then record sound, without any dedicated microphone channel, from as far as 20 feet away.

Dubbed "Speake(a)r," the malicious code (malware) is disturbingly able to hijack a computer to record audio even when its microphone is disabled or completely disconnected from the computer.

"People don't think about this privacy vulnerability," lead researcher Mordechai Guri told Wired. "Even if you remove your computer's microphone, if you use headphones you can be recorded."

Speake(a)r uses the existing headphones to capture vibrations in the air, converts them to electromagnetic signals, alters the internal functions of the audio jacks, and then flips input jacks (used by microphones) to output jacks (used for speakers and headphones).

This allows a hacker to record audio, though at a lower quality, from computers with a disabled microphone or none at all, or from the computer of a paranoid user who has intentionally removed any existing audio components.

But What Made This Hack Possible?

A little-known feature of Realtek audio codec chips that silently "retasks" the computer's output channel as an input channel.

This makes it possible for the researchers' malware to record audio even when the earbuds are connected to an output-only jack and have no microphone channel on their plug.

What's even worse? Since Realtek chips are used in the majority of systems these days, the Speake(a)r attack works on practically any desktop computer running Windows or MacOS, as well as most laptops, leaving most computers vulnerable to such attacks.

"This is the real vulnerability," said Guri. "It’s what makes almost every computer today vulnerable to this type of attack."

The feature of Realtek audio codec chips is truly dangerous, as it cannot be easily fixed. The only way to deal with this issue is to redesign and replace the chip in current as well as future computers, which is impractical.

The researchers also published a YouTube video which shows the Speake(a)r eavesdropping attack in action.

For a more detailed and technical explanation of the Speake(a)r attack, you can head over to the research paper [PDF] titled "Speake(a)r: Turn Speakers to Microphones for Fun and Profit."

A proof-of-concept (PoC) exploit for a critical vulnerability in the Network Time Protocol daemon (ntpd) has been publicly released that could allow anyone to crash a server with just a single maliciously crafted packet.

The vulnerability has been patched by the Network Time Foundation with the release of NTP 4.2.8p9, which includes a total of 40 security patches, bug fixes, and improvements.

The NTP daemon is used in almost every device that needs to synchronize time on computer clocks. NTP got the most attention in late 2014 and 2015 when hackers used it to launch highly amplified DDoS attacks against services.

The flaw, which affects NTP.org's ntpd versions prior to 4.2.8p9, but not including ntp-4.3.94, was discovered by security researcher Magnus Stubman, who privately disclosed it to the Network Time Foundation on June 24.
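As an added inventory check (not from the article or from the Network Time Foundation), the following Python routine parses an NTP.org version string, as printed by `ntpd --version`, and decides whether it falls in the affected range described above; treating the 4.3.x development branch below 4.3.94 as affected is an assumption, and other vendors' version schemes are not handled.

```python
import re
from typing import Optional, Tuple

# Added example, not code from the article or from NTP.org. It classifies an
# NTP.org ntpd version string against the advisory's range: releases prior to
# 4.2.8p9 are affected, ntp-4.3.94 is fixed. Assumption: the "p" suffix is a
# patch level, and 4.3.x development versions below 4.3.94 count as affected.

FIXED_STABLE = (4, 2, 8, 9)   # ntp-4.2.8p9
FIXED_DEV = (4, 3, 94, 0)     # ntp-4.3.94

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


def parse_ntp_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Extract (major, minor, point, patch) from e.g. 'ntpd 4.2.8p8@1.3265-o'.

    A missing 'pN' suffix is treated as patch level 0. Returns None when no
    version number can be found in the text.
    """
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, point, patch = m.groups()
    return (int(major), int(minor), int(point), int(patch or 0))


def is_affected(text: str) -> Optional[bool]:
    """True if the parsed version is below the fixed release on its branch."""
    v = parse_ntp_version(text)
    if v is None:
        return None
    if v[:2] == (4, 3):           # development branch (assumed cut-off 4.3.94)
        return v < FIXED_DEV
    return v < FIXED_STABLE       # stable branch, fixed in 4.2.8p9


if __name__ == "__main__":
    # Constructed sample strings in the style of `ntpd --version` output.
    samples = ["ntpd 4.2.8p8@1.3265-o", "ntpd 4.2.8p9@1.3265-o",
               "ntpd 4.2.6p5", "ntpd 4.3.93", "ntpd 4.3.94", "no version here"]
    for s in samples:
        state = {True: "affected", False: "fixed", None: "unknown"}[is_affected(s)]
        print(f"{s!r} -> {state}")
```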

A patch for the vulnerability was developed and sent to Stubman on September 29, and just two days later the researcher confirmed that it mitigated the issue. He has now disclosed the flaw publicly.

"The vulnerability allows unauthenticated users to crash ntpd with a single malformed UDP packet, which causes a null pointer dereference," Stubman wrote in an advisory published Monday.

Stubman also released a PoC exploit that crashes the NTP daemon, creating a denial-of-service (DoS) condition. The issue only affects Windows.

Besides Stubman's high-severity vulnerability, the latest NTP update also addresses two medium-severity, two medium-low-severity, and five low-severity security issues, includes 28 bug fixes, and contains other improvements over 4.2.8p8.

Another major bug is a trap-crash vulnerability reported by Cisco's Matthew Van Gundy.

"If trap service has been explicitly enabled, an attacker can send a specially crafted packet to cause a null pointer dereference that will crash ntpd, resulting in a denial of service," reads the advisory.

CERT at Carnegie Mellon University's Software Engineering Institute has also released the full list of the NTP vulnerabilities and their fixes, along with some vendors whose NTP implementations could be affected by the bugs.

Since the exploit for the severe bug is available to the public, administrators are strongly recommended to patch their NTP implementations as soon as possible.

In the past, we have seen hackers abuse NTP servers by sending small spoofed UDP packets to a vulnerable server that request a large amount of data (megabytes' worth of traffic) to be sent to the DDoS target's IP address.

In a study conducted by Arbor Networks in late 2013, the researchers illustrated the effectiveness of NTP amplification attacks, which are massive and efficient enough to take any large server offline because they reflect 1,000 times the size of the initial query back to the target.

ATM hackers, who long relied on stealing payment card numbers and online banking credentials to steal millions, are now targeting the banks themselves to steal cash directly from the machines.

Earlier this year, a gang of cyber criminals infected several ATMs with malware in Taiwan and Thailand that caused the machines to spit out millions in cash, and the gang members then stood in front of the infected ATMs at the appointed hour and collected the money.

Now, the FBI has warned U.S. banks of the potential for similar ATM jackpotting attacks, saying that the agency is "monitoring emerging reports indicating that well-resourced and organized malicious cyber actors have intentions to target the U.S. financial sector."

ATM jackpotting is a technique used to force automated teller machines to spit out cash.

According to Russian cyber security firm Group-IB, cyber crooks have remotely infected ATMs with malware in more than a dozen countries across Europe this year, forcing the machines to spit out cash.

The world's two largest ATM manufacturers, Diebold Nixdorf and NCR Corp., said they were aware of the ATM attacks and had already been working with their customers to mitigate the threat.

Cyber criminals have been targeting ATMs for at least five years, but previous hacking campaigns mostly involved small numbers of ATMs because the hackers needed physical access to the machines to collect the cash.

Group-IB did not name the banks targeted in the campaign but said the victims were located in Armenia, Bulgaria, Estonia, Georgia, Belarus, Kyrgyzstan, Moldova, Spain, Poland, the Netherlands, Romania, the United Kingdom, Russia, and Malaysia.

Both Diebold Nixdorf and NCR said they had already provided banks with information on how to thwart the attack, Reuters reported.

"We have been working actively with customers, including those who have been impacted, as well as developing proactive security solutions and strategies to help prevent and minimize the impact of these attacks," said Owen Wild, NCR's global marketing director for enterprise fraud and security.

The disclosure of the new campaign comes months after two large ATM hacks, wherein hackers stole $2.5 Million from Taiwan's First Bank and $350,000 from Thailand's state-owned Government Savings Bank.

While Group-IB believes the attacks across Europe were conducted by a single criminal group, dubbed Cobalt, the FBI believes the malicious software used in the attack could be linked to the Russian ATM gang known as Buhtrap, the Wall Street Journal reported.

However, citing the tools and techniques used by both groups, Group-IB believes that Cobalt is linked to Buhtrap, which stole 1.8 Billion rubles ($28 Million) from Russian banks between August 2015 and January 2016.

Good news: this month we bring our readers an amazing deal, where you can get hacking courses for as little as you want to pay, and if you beat the average price you will receive the fully upgraded hacking bundle!

Since Dyn provides a cloud-based DNS service to customers such as Spotify, Netflix, Twitter and Pfizer, the acquisition will help Oracle's cloud customers optimize their infrastructure costs and performance.

According to the press release, the Dyn acquisition "extends the Oracle cloud computing platform and provides enterprise customers with a one-stop shop for Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS)."

"Oracle Cloud customers will have unique access to Internet performance information that will help them optimize infrastructure costs, maximize application and website-driven revenue, and manage risk," said Kyle York, chief strategy officer of Dyn.

The company said Dyn's immensely scalable and global DNS is not just a critical core component but also provides a natural extension to Oracle's cloud computing platform.

So, the deal would help its cloud customers improve access and page-load speeds for their websites using internet performance information.

Oracle did not disclose the acquisition amount it paid for Dyn, but a source close to the deal told Fortune that Oracle paid somewhere between $600 Million and $700 Million to acquire Dyn.

Dan Primack reported that Oracle paid around $600 million for Dyn, though Dyn has yet to respond to a request for comment.

Oracle is far behind Amazon Web Services (AWS), the market leader in infrastructure cloud computing. The deal would potentially let the company compete with Amazon's AWS and Microsoft's Azure, and specifically with their DNS services, Route 53 and Azure DNS.